Internet spam typically includes one or more unsolicited messages sent, or posted, as part of a larger collection of messages, all having substantially identical content. Spam, as used herein, refers to email spam. Perpetrators that generate and send such spam may harvest email addresses of prospective recipients from Usenet postings or web pages, obtain them from databases, or simply guess them by using common names and domains. By popular definition, spam occurs without the permission of the recipients.
Spam is a significant burden for recipients as well as those who support the networking infrastructures that provide email services. Spam is chiefly utilized to deliver unwanted advertisements. Spammers, or those sending spam, also send spam for other agendas, such as denial of service, for example through the clogging of an email inbox using excessive bandwidth or disk space. Additional agendas may also include politics or malicious pornography. While other spamming motives exist, the common characteristic despite motive is that unwanted email circumvents devised email defenses, causing much productivity loss and great annoyance.
Presently there is a plurality of spam identifying and filtering techniques. Such means and apparatus may be provided at the client (end-user) end, or imbedded in various other stages of email handling, such as a central server. A system or algorithm has not yet emerged that is capable of identifying all spam due to the multitude of factors spammers use to camouflage the email content. Generally, the camouflage consists of random content to thwart identification of a pattern of consistency from one spam email to the next. The subject, the body of text, and even the normally invisible hypertext content may differ slightly in each spam email. Mass mailings containing legitimate and repetitious content are conversely known as non-spam, and may include, for example, proxy notices, billings, and customer services notifications. Invariably, the spam contains an active link implemented as hypertext or a script-activated button for the purpose of user response.
Presently, common signatures of email spam are identified and continually manually added for handling new patterns of spam content, resulting in a vicious circle of spam and defender warfare, with screening provided at mail server and client levels in the hierarchy. However, conventional screenings are failing to identify root spammers, thus allowing the spam to continually clog a user's inbox.